JustinAzoff

zeek-pdns

Passive DNS collection using Zeek

flow-indexer

Flow-Indexer indexes flows found in chunked log files from bro,nfdump,syslog, or pcap files

can-i-use-afpacket-fanout

Validate if afpacket PACKET_FANOUT_HASH is working properly

pynfdump

python wrapper for the nfdump cli application

ssh-auth-logger

A low/zero interaction ssh authentication logging honeypot

bannerscanner

simple tcp port scanner + banner grabber

zeek-clickhouse

bro-react

react stuff

json-cut

zeek-log-filtering

A bunch of examples of zeek log filtering

zeek-jemalloc-profiling

a zeekctl plugin that helps configure MALLOC_CONF for profiling

zeek_benchmarks

bro-bench

work in progress bro benchmarking tool

suricata

Suricata git repository maintained by the OISF

wifi-wpa

wifi daemon for connecting to unencrypted networks with gokrazy

credit-card-exposure

Detect credit card exposures with Bro

CVE-2020-14882-weblogicRCE

Detection of RCE in Oracle's WebLogic Server CVE-2020-14882 / CVE-2020-14750

cve-2022-22954

detect-ransomware-filenames

go-opendecompress

like os.Open, but automatically decompress files

ipviz

Visualize zeek conn logs using a hilbert space filling curve

package-manager

A package manager for Zeek

partial_md5

Figure out if it's possible to truncate a large file so that it has a particular md5.

pcap_simplify

pcap format simplification stuff

pingback

A Zeek package to detect the Pingback malware ICMP tunnel command and control (C2) network traffic.

raspi-corelight

Corelight@Home script

ssh-auditor

The best way to scan for weak ssh passwords on your network

website

Source code for website.

wifi

Package wifi provides access to IEEE 802.11 WiFi device actions and statistics. MIT Licensed.

zeek-long-connections

Zeek package for tracking long connections to report them before they have completed.